Update API to use (char *) for email addresses and hostnames

Reduces number of silly casts in OpenSSL code and likely most applications. Consistent with (char *) for "peername" value from X509_check_host() and X509_VERIFY_PARAM_get0_peername().

Update API to use (char *) for email addresses and hostnames
Reduces number of silly casts in OpenSSL code and likely most applications. Consistent with (char *) for "peername" value from X509_check_host() and X509_VERIFY_PARAM_get0_peername().
297c67fc · Viktor Dukhovni · ee724df7 · 297c67fc · 297c67fc · 297c67fc
12 changed file
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -2388,7 +2388,8 @@ int args_verify(char ***pargs, int *pargc,
 	char *arg = **pargs, *argn = (*pargs)[1];
 	const X509_VERIFY_PARAM *vpm = NULL;
 	time_t at_time = 0;
-	const unsigned char *hostname = NULL, *email = NULL;
+	char *hostname = NULL;
+	char *email = NULL;
 	char *ipasc = NULL;
 	if (!strcmp(arg, "-policy"))
 		{
@@ -2482,14 +2483,14 @@ int args_verify(char ***pargs, int *pargc,
 		{
 		if (!argn)
 			*badarg = 1;
-		hostname = (unsigned char *)argn;
+		hostname = argn;
 		(*pargs)++;
 		}
 	else if (strcmp(arg,"-verify_email") == 0)
 		{
 		if (!argn)
 			*badarg = 1;
-		email = (unsigned char *)argn;
+		email = argn;
 		(*pargs)++;
 		}
 	else if (strcmp(arg,"-verify_ip") == 0)
@@ -2960,8 +2961,8 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
 #endif  /* ndef OPENSSL_NO_TLSEXT */

 void print_cert_checks(BIO *bio, X509 *x,
-				const unsigned char *checkhost,
-				const unsigned char *checkemail,
+				const char *checkhost,
+				const char *checkemail,
 				const char *checkip)
 	{
 	if (x == NULL)

--- a/apps/apps.h
+++ b/apps/apps.h
@@ -342,8 +342,8 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
 #endif  /* ndef OPENSSL_NO_TLSEXT */

 void print_cert_checks(BIO *bio, X509 *x,
-				const unsigned char *checkhost,
-				const unsigned char *checkemail,
+				const char *checkhost,
+				const char *checkemail,
 				const char *checkip);

 void store_setup_crl_download(X509_STORE *st);

--- a/apps/x509.c
+++ b/apps/x509.c
@@ -214,7 +214,8 @@ int MAIN(int argc, char **argv)
 	int need_rand = 0;
 	int checkend=0,checkoffset=0;
 	unsigned long nmflag = 0, certflag = 0;
-	unsigned char *checkhost = NULL, *checkemail = NULL;
+	char *checkhost = NULL;
+	char *checkemail = NULL;
 	char *checkip = NULL;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
@@ -474,12 +475,12 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-checkhost") == 0)
 			{
 			if (--argc < 1) goto bad;
-			checkhost=(unsigned char *)*(++argv);
+			checkhost=*(++argv);
 			}
 		else if (strcmp(*argv,"-checkemail") == 0)
 			{
 			if (--argc < 1) goto bad;
-			checkemail=(unsigned char *)*(++argv);
+			checkemail=*(++argv);
 			}
 		else if (strcmp(*argv,"-checkip") == 0)
 			{

--- a/crypto/x509/x509_lcl.h
+++ b/crypto/x509/x509_lcl.h
@@ -63,7 +63,7 @@ struct X509_VERIFY_PARAM_ID_st
 	STACK_OF(OPENSSL_STRING) *hosts;	/* Set of acceptable names */
 	unsigned int hostflags;	/* Flags to control matching features */
 	char *peername;		/* Matching hostname in peer certificate */
-	unsigned char *email;	/* If not NULL email address to match */
+	char *email;		/* If not NULL email address to match */
 	size_t emaillen;
 	unsigned char *ip;	/* If not NULL IP address to match */
 	size_t iplen;		/* Length of IP address */

--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -747,11 +747,11 @@ static int check_hosts(X509 *x, X509_VERIFY_PARAM_ID *id)
 	{
 	int i;
 	int n = sk_OPENSSL_STRING_num(id->hosts);
-	unsigned char *name;
+	char *name;

 	for (i = 0; i < n; ++i)
 		{
-		name = (unsigned char *)sk_OPENSSL_STRING_value(id->hosts, i);
+		name = sk_OPENSSL_STRING_value(id->hosts, i);
 		if (X509_check_host(x, name, 0, id->hostflags,
 				    &id->peername) > 0)
 			return 1;

--- a/crypto/x509/x509_vfy.h
+++ b/crypto/x509/x509_vfy.h
@@ -559,14 +559,14 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 					STACK_OF(ASN1_OBJECT) *policies);

 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
-				const unsigned char *name, size_t namelen);
+				const char *name, size_t namelen);
 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
-				const unsigned char *name, size_t namelen);
+				const char *name, size_t namelen);
 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
 					unsigned int flags);
 char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
-				const unsigned char *email, size_t emaillen);
+				const char *email, size_t emaillen);
 int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
 					const unsigned char *ip, size_t iplen);
 int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);

--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -78,7 +78,7 @@ static void str_free(char *s) { OPENSSL_free(s); }
 #define string_stack_free(sk) sk_OPENSSL_STRING_pop_free(sk, str_free)

 static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
-				    const unsigned char *name, size_t namelen)
+				    const char *name, size_t namelen)
 	{
 	char *copy;

@@ -87,7 +87,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
 	 * XXX: Do we need to push an error onto the error stack?
 	 */
 	if (namelen == 0)
-		namelen = name ? strlen((char *)name) : 0;
+		namelen = name ? strlen(name) : 0;
 	else if (name && memchr(name, '\0', namelen > 1 ? namelen-1 : namelen))
 		 return 0;
 	if (name && name[namelen-1] == '\0')
@@ -101,7 +101,7 @@ static int int_x509_param_set_hosts(X509_VERIFY_PARAM_ID *id, int mode,
 	if (name == NULL || namelen == 0)
 		return 1;

-	copy = BUF_strndup((char *)name, namelen);
+	copy = BUF_strndup(name, namelen);
 	if (copy == NULL)
 		return 0;

@@ -338,16 +338,16 @@ int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
 	return ret;
 	}

-static int int_x509_param_set1(unsigned char **pdest, size_t *pdestlen,
-				const unsigned char *src, size_t srclen)
+static int int_x509_param_set1(char **pdest, size_t *pdestlen,
+				const char *src, size_t srclen)
 	{
 	void *tmp;
 	if (src)
 		{
 		if (srclen == 0)
 			{
-			tmp = BUF_strdup((char *)src);
-			srclen = strlen((char *)src);
+			tmp = BUF_strdup(src);
+			srclen = strlen(src);
 			}
 		else
 			tmp = BUF_memdup(src, srclen);
@@ -467,13 +467,13 @@ int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
 	}

 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
-				const unsigned char *name, size_t namelen)
+				const char *name, size_t namelen)
 	{
 	return int_x509_param_set_hosts(param->id, SET_HOST, name, namelen);
 	}

 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
-				const unsigned char *name, size_t namelen)
+				const char *name, size_t namelen)
 	{
 	return int_x509_param_set_hosts(param->id, ADD_HOST, name, namelen);
 	}
@@ -490,7 +490,7 @@ char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
 	}

 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
-				const unsigned char *email, size_t emaillen)
+				const char *email, size_t emaillen)
 	{
 	return int_x509_param_set1(&param->id->email, &param->id->emaillen,
 					email, emaillen);
@@ -501,17 +501,19 @@ int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
 	{
 	if (iplen != 0 && iplen != 4 && iplen != 16)
 		return 0;
-	return int_x509_param_set1(&param->id->ip, &param->id->iplen, ip, iplen);
+	return int_x509_param_set1((char **)&param->id->ip, &param->id->iplen,
+				   (char *)ip, iplen);
 	}

 int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
 	{
 	unsigned char ipout[16];
-	int iplen;
-	iplen = a2i_ipadd(ipout, ipasc);
+	size_t iplen;
+
+	iplen = (size_t) a2i_ipadd(ipout, ipasc);
 	if (iplen == 0)
 		return 0;
-	return X509_VERIFY_PARAM_set1_ip(param, ipout, (size_t)iplen);
+	return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
 	}

 int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)

--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -852,8 +852,7 @@ static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
 */

 static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
-				unsigned int flags,
-				const unsigned char *b, size_t blen,
+				unsigned int flags, const char *b, size_t blen,
 				char **peername)
 	{
 	int rv = 0;
@@ -865,7 +864,8 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
 		if (cmp_type != a->type)
 			return 0;
 		if (cmp_type == V_ASN1_IA5STRING)
-			rv = equal(a->data, a->length, b, blen, flags);
+			rv = equal(a->data, a->length,
+				   (unsigned char *)b, blen, flags);
 		else if (a->length == (int)blen && !memcmp(a->data, b, blen))
 			rv = 1;
 		if (rv > 0 && peername)
@@ -878,7 +878,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
 		astrlen = ASN1_STRING_to_UTF8(&astr, a);
 		if (astrlen < 0)
 			return -1;
-		rv = equal(astr, astrlen, b, blen, flags);
+		rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
 		OPENSSL_free(astr);
 		if (rv > 0 && peername)
 			*peername = BUF_strndup((char *)astr, astrlen);
@@ -886,7 +886,7 @@ static int do_check_string(ASN1_STRING *a, int cmp_type, equal_fn equal,
 	return rv;
 	}

-static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
+static int do_x509_check(X509 *x, const char *chk, size_t chklen,
 					unsigned int flags, int check_type,
 					char **peername)
 	{
@@ -927,7 +927,7 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
 		}

 	if (chklen == 0)
-		chklen = strlen((const char *)chk);
+		chklen = strlen(chk);

 	gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
 	if (gens)
@@ -975,8 +975,8 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen,
 	return 0;
 	}

-int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
-					unsigned int flags, char **peername)
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+			unsigned int flags, char **peername)
 	{
 	if (chk == NULL)
 		return -2;
@@ -986,7 +986,7 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
 	 * NUL in string length).
 	 */
 	if (chklen == 0)
-		chklen = strlen((char *)chk);
+		chklen = strlen(chk);
 	else if (memchr(chk, '\0', chklen > 1 ? chklen-1 : chklen))
 		return -2;
 	if (chklen > 1 && chk[chklen-1] == '\0')
@@ -994,8 +994,8 @@ int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
 	return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
 	}

-int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
-					unsigned int flags)
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+			unsigned int flags)
 	{
 	if (chk == NULL)
 		return -2;
@@ -1018,19 +1018,20 @@ int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
 	{
 	if (chk == NULL)
 		return -2;
-	return do_x509_check(x, chk, chklen, flags, GEN_IPADD, NULL);
+	return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
 	}

 int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
 	{
 	unsigned char ipout[16];
-	int iplen;
+	size_t iplen;
+
 	if (ipasc == NULL)
 		return -2;
-	iplen = a2i_ipadd(ipout, ipasc);
+	iplen = (size_t) a2i_ipadd(ipout, ipasc);
 	if (iplen == 0)
 		return -2;
-	return do_x509_check(x, ipout, (size_t)iplen, flags, GEN_IPADD, NULL);
+	return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
 	}

 /* Convert IP addresses both IPv4 and IPv6 into an 

--- a/crypto/x509v3/v3nametest.c
+++ b/crypto/x509v3/v3nametest.c
@@ -275,8 +275,7 @@ static void run_cert(X509 *crt, const char *nameincert,
 		int match, ret;
 		memcpy(name, *pname, namelen);

-		ret = X509_check_host(crt, (const unsigned char *)name,
-				      namelen, 0, NULL);
+		ret = X509_check_host(crt, name, namelen, 0, NULL);
 		match = -1;
 		if (ret < 0)
 			{
@@ -294,9 +293,8 @@ static void run_cert(X509 *crt, const char *nameincert,
 			match = 1;
 		check_message(fn, "host", nameincert, match, *pname);

-		ret = X509_check_host(crt, (const unsigned char *)name,
-				      namelen, X509_CHECK_FLAG_NO_WILDCARDS,
-				      NULL);
+		ret = X509_check_host(crt, name, namelen,
+				      X509_CHECK_FLAG_NO_WILDCARDS, NULL);
 		match = -1;
 		if (ret < 0)
 			{
@@ -315,8 +313,7 @@ static void run_cert(X509 *crt, const char *nameincert,
 		check_message(fn, "host-no-wildcards",
 			      nameincert, match, *pname);

-		ret = X509_check_email(crt, (const unsigned char *)name,
-				       namelen, 0);
+		ret = X509_check_email(crt, name, namelen, 0);
 		match = -1;
 		if (fn->email)
 			{

--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -719,9 +719,9 @@ STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
 */
 #define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000

-int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen,
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
 					unsigned int flags, char **peername);
-int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen,
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
 					unsigned int flags);
 int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
 					unsigned int flags);

--- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
@@ -27,18 +27,17 @@ X509_VERIFY_PARAM_set_flags, X509_VERIFY_PARAM_clear_flags, X509_VERIFY_PARAM_ge
 int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);

 int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
-				 const unsigned char *name, size_t namelen);
+				 const char *name, size_t namelen);
 int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
-                                 const unsigned char *name, size_t namelen);
+                                 const char *name, size_t namelen);
 void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
 				      unsigned int flags);
 char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param);
 int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
-				 const unsigned char *email, size_t emaillen);
+				 const char *email, size_t emaillen);
 int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
 			       const unsigned char *ip, size_t iplen);
- int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
-				   const char *ipasc);
+ int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc);

 =head1 DESCRIPTION


--- a/doc/crypto/X509_check_host.pod
+++ b/doc/crypto/X509_check_host.pod
@@ -8,12 +8,12 @@ X509_check_host, X509_check_email, X509_check_ip, X509_check_ip_asc - X.509 cert

 #include <openssl/x509.h>

- int X509_check_host(X509 *, const unsigned char *name,
-                     size_t namelen, unsigned int flags, char **peername);
- int X509_check_email(X509 *, const unsigned char *address,
-                     size_t addresslen, unsigned int flags);
- int X509_check_ip(X509 *, const unsigned char *address,
-                   size_t addresslen, unsigned int flags);
+ int X509_check_host(X509 *, const char *name, size_t namelen,
+		     unsigned int flags, char **peername);
+ int X509_check_email(X509 *, const char *address, size_t addresslen,
+		      unsigned int flags);
+ int X509_check_ip(X509 *, const unsigned char *address, size_t addresslen,
+		   unsigned int flags);
 int X509_check_ip_asc(X509 *, const char *address, unsigned int flags);

 =head1 DESCRIPTION